Share

Facebook Notification Spam Has Crossed the Line

From SMS notifications to an egregious number of emails to messing with two-factor authentication, Facebook's desperation has gone too far.

HOTLITTLEPOTATO

Facebook has always nudged truant users back to its platform though emails and notifications. But recently, those prods have evolved beyond comments related to activity on your own profile. Now Facebook will nag you when an acquaintance comments on someone else’s photo, or when a distant family member updates their status. The spamming has even extended to those who sign up for two-factor authentication—which is a great way to turn people off to that extra layer of security.

“The part of it that bugs me is that two-factor authentication is something [Facebook] should be encouraging people to use, but instead the way this is working here is that they’re driving people away from two-factor and making people less secure,” says Matt Green, a professor at the Johns Hopkins University Information Security Institute, who has done contracted security work for Facebook in the past. “It’s abusive, people’s attention is deliberately tweaked by what looks like a two-factor authentication message.”

Green says he’s received near-daily SMS messages from Facebook since January alerting him that one of his friends performed some action on the platform. Before he started receiving the messages, Green says he hadn’t logged into Facebook for a long time and had actually forgotten his password.

The weirdest part about the SMS notifications is what happens if you reply to them. If you respond, your message is posted to your own profile. If the notifications involve someone else’s content, users say the text replies inadvertently show up as comments on other people’s photos or statuses. I set up text two-factor authentication myself to try this out, and my text reply did end up on my own profile.

Facebook

Facebook's response about what was happening with SMS messages didn't shed very much light on the issue. “We give people control over their notifications, including those that relate to security features like two-factor authentication. We’re looking into this situation to see if there’s more we can do to help people manage their communications,” a spokesperson said in a statement.

But in a blog post Friday, Facebook's security head Alex Stamos described the SMS spam as a bug. "It was not our intention to send non-security-related SMS notifications to these phone numbers, and I am sorry for any inconvenience these messages might have caused," Stamos wrote, adding that the company would soon do away with the ability to post to Facebook via SMS.1

If you don’t want to risk receiving annoying text messages but still want to enable two-factor authentication to protect your Facebook account, you can also sign up using a code generator, which doesn’t require forking over your phone number. You can also turn off Facebook notifications on iOS by going to Settings > Notifications > Facebook and switching the toggle off. On Android, go to Settings > Applications > Application Manager > Facebook > Notifications, and switch them off. Of course, that won't help with the emails.

Facebook Needs Your Love

The latest onslaught of engagement tactics come not even a month after Mark Zuckerberg said he wanted to “make sure the time we all spend on Facebook is time well spent,” and warned that engagement might go down on the platform as a result of new efforts designed to emphasize “meaningful connections.” The messages appear designed help counter that slump.

A number of people say that they had also seen an uptick in emails from Facebook letting them know that everyday events had happened on the platform, like someone sharing a photo or posting a status. “I stopped checking Facebook and deleted the app for a while so they started emailing me nonsense notifications,” says Tucker Higgins, a Facebook user in New York, who says the first message he received notified him that an acquaintance had commented on that person's own status. He then began getting numerous emails from Facebook with similar messages—sometimes multiple times a day.

Tucker Higgins

One email even asked Higgins if he was having trouble logging into his account (he wasn’t). Bloomberg noted last month that people were receiving similar emails about account access around the world. Facebook told Bloomberg that the messages weren’t a re-engagement tactic, but Higgins says the barrage began after he had deleted the app.

Tucker Higgins

The spammy notifications also show up on the app itself, and are often pushed to the lockscreen of a user's phone. I've received one informing me that a friend who moved away years ago posted a status, and another that an old babysitter uploaded a photo. Other users say they’re receiving similar messages about distant acquaintances. “A person from high school I haven’t interacted with in literally years even on Facebook added a photo and I got a notification,” says Brett Williams, another Facebook user in New York.

Junk Mail

Despite the annoyance, Facebook likely uses these new tactics simply because they work.

“I think they very much count on the fact that it will produce an addictive response. Not for everybody, for a percentage of people getting it. If it works for 10 percent that’s a win for them. It’s still economically viable,” says David Greenfield, the founder of the Center for Internet and Technology Addiction and assistant clinical professor for psychiatry at the University of Connecticut School of Medicine. “It might be somebody that you want to hear from, but you don’t know, the only way to know is to check it.”

'I think they very much count on the fact that it will produce an addictive response.'

David Greenfield, University of Connecticut School of Medicine

Greenfield also pointed out that Facebook isn’t the first platform to deploy these kinds of alerts. Twitter, for example, has been sending push notifications about activity occurring on the platform since last year, like when a number of people you follow all interact with the same tweet.

The new notifications appear to be part of a series of efforts to carry out what Zuckerberg says is Facebook's new mission: to “bring people closer together.” For example, Facebook is also prompting people to hangout with each other in real life. It’s encouraging users to celebrate the day they became friends with a specific acquaintance on Facebook as a kind of social media holiday. Facebook even tried to rebrand its own anniversary as “friends day” earlier this month.

Facebook’s new efforts often feel so annoying because it’s easy to forget that it's not just a social network, but a for-profit advertising business. The new notifications and features aren’t really that at all—they’re spam and marketing campaigns. It’s not unusual for other types of online businesses to send users texts or emails to promote their services. Facebook's service just happens to be connecting you with your friends in exchange for your attention. “You wouldn’t have a stock selling for $180 a share if it was about people talking and making nice,” says Greenfield.